CVE-2016-7405

Опубликовано: 03 окт. 2016

Источник: debian

EPSS Низкий

Описание

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libphp-adodb	fixed	5.20.6-1		package
libphp-adodb	fixed	5.15-1+deb8u1	jessie	package

Примечания

https://github.com/ADOdb/ADOdb/issues/226
https://github.com/ADOdb/ADOdb/commit/bd9eca9
Issue only with the PDO driver and only if queries built by inlining
the quoted string (not recommended).
https://www.openwall.com/lists/oss-security/2016/09/07/8

EPSS

Процентиль: 86%

0.03101

Низкий

Связанные уязвимости

CVE-2016-7405

CVSS3: 9.8

ubuntu

почти 9 лет назад

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

CVE-2016-7405

CVSS3: 9.8

nvd

почти 9 лет назад

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

ROS-20240702-05

CVSS3: 9.8

redos

около 1 года назад

Уязвимость php-adodb

GHSA-3fj4-q72x-x2g9

CVSS3: 9.8

github

больше 3 лет назад

ADOdb Library SQL Injection

EPSS

Процентиль: 86%

0.03101

Низкий